
Changeset 21137


Timestamp:
06/26/2012 07:04:10 PM (12 years ago)
Author:
nacin
Message:

Check XML-RPC cap before running the query. props maxcutler. see #20991 for trunk.

File:
1 edited

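--- a/trunk/wp-includes/class-wp-xmlrpc-server.php
+++ b/trunk/wp-includes/class-wp-xmlrpc-server.php
@@ -1338,5 +1338,5 @@
 
         $post_type = get_post_type_object( $post['post_type'] );
-        if ( ! current_user_can( $post_type->cap->edit_posts, $post_id ) )
+        if ( ! current_user_can( $post_type->cap->edit_post, $post_id ) )
             return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
 
@@ -1395,10 +1395,12 @@
             if ( ! ( (bool) $post_type ) )
                 return new IXR_Error( 403, __( 'The post type specified is not valid' ) );
-
-            if ( ! current_user_can( $post_type->cap->edit_posts ) )
-                return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type' ));
-
-            $query['post_type'] = $filter['post_type'];
-        }
+        } else {
+            $post_type = get_post_type_object( 'post' );
+        }
+
+        if ( ! current_user_can( $post_type->cap->edit_posts ) )
+            return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type' ));
+
+        $query['post_type'] = $post_type->name;
 
         if ( isset( $filter['post_status'] ) )
@@ -1428,5 +1430,5 @@
         foreach ( $posts_list as $post ) {
             $post_type = get_post_type_object( $post['post_type'] );
-            if ( ! current_user_can( $post_type->cap->edit_posts, $post['ID'] ) )
+            if ( ! current_user_can( $post_type->cap->edit_post, $post['ID'] ) )
                 continue;
 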
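Review bot: The per-post checks at new lines 1340 and 1432 read `$post_type->cap->edit_post` without confirming that `get_post_type_object()` returned an object, whereas the filter path at 1395-1396 does test `(bool) $post_type` first. If a stored post carries a type that is no longer registered, the capability name would presumably evaluate to null and the outcome would rest on how `current_user_can()` treats that, so an explicit fail-closed guard is clearer: `if ( ! $post_type || ! current_user_can( $post_type->cap->edit_post, $post_id ) )`, and the same shape before the `continue` in the loop. A short comment next to each check, such as `// edit_post is the per-post meta capability; edit_posts is the type-wide primitive`, would help keep the one-letter difference from regressing. The enclosing methods start and end outside the visible hunks, so where `$post` and `$posts_list` come from is not confirmed here.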